Information Security News mailing list archives
Call Them Kiddies? Watch Out
From: InfoSec News <isn () C4I ORG>
Date: Fri, 16 Feb 2001 14:57:42 -0600
http://www.wired.com/news/culture/0,1284,41866,00.html by Michelle Delio 8:10 a.m. Feb. 16, 2001 PST Call them hackers, crackers, attackers or vandals - but whatever you do, please don't call them script kiddies. A group of self-proclaimed not-script-kiddies known as Sm0ked Crew has defaced websites belonging to Intel, Compaq Computer, Hewlett-Packard, Gateway, Disney, and The New York Times, in a series of attacks that began late Wednesday. And then, after seeing an article on vnunet, European technology news service, claiming that the attacks were the work of "script kiddies," Sm0ked Crew -- evidently thinking they were being dissed by Intel officials -- went back and hacked Intel's site again. This time they left a pointed message: "Intel, you called us script kiddies in www.evnunet.com(sic). Well, these script kiddies just owned you again. "We suggest you be a bit nicer to us proper hackers." But they got it wrong. No one from Intel called the company's tormentors script kiddies. The comment that tweaked Sm0ked Crew's sensibilities was actually made by Chris McNab, a network security analyst from MIS Corporate Defense Solutions. In an e-mail sent to vnunet, the group also said that it would "visit" Intel again if any more comments were made about their cracking skills. "Next time he talks shit we are just gonna own them again, he needs to learn to keep his mouth shut," the email said. Script kiddies is a derogatory term in the hacker world for attackers who use downloadable pre-configured scripts to do their dirty work. Sm0ked Crew is using a known security exploit that takes advantage of holes found in Microsoft's Internet Information Server (IIS 4.0). Patches are available for this hole, but evidently many companies have not bothered to patched their server software across their networks. Officials from HP, Compaq, Alta Vista and Intel confirmed that their networks had been attacked. They also claimed that Sm0ked Crew had hit only isolated parts of their networks: HP's e-learning site, a Compaq server serving the Middle East and Africa, an Alta Vista shopping site and an Intel server that provides Web access to product support documents. No sensitive company information was stolen. Then again, Sm0ked Crew didn't appear to be trying to accomplish anything more than "defacement attacks," said MonKeeBiz, a self-described "mercenary security analyst." "The attacks are pretty comprehensive. They are using some sort of a scanner to look at networks, and are finding any and every hole that will let them in," MonKeeBiz said. Once they gain access to a site, Sm0ked Crew does a defacement attack, leaving cyber graffiti to let the attacked companies and their users know that they have had visitors. The hacked sites on HP and Compaq contained the following message: "Admin, You just got Sm0ked. This site was hacked by Sm0ked crew. Hacked by splurge and The-Rev. Greetz dislexik, nouse, system33r, italguy, B_Real and anyone I forgot, sm0kedcrew () hushmail com." E-mail to the hushmail address has so far gone unanswered, perhaps due to Sm0ked Crew's busy work schedule. According to credits given on Attrition, an independent hack-tracking site, Sm0ked Crew also defaced the following sites in February: CompUSA, Louisiana State University Medical Center, Taipei City Government, Terra Lycos (which owns Wired News), Board of Foreign Trade (Taiwan) and University of South Florida. McNab still insists that Sm0ked Crew are script kiddies, and told vnunet that if Sm0ked Crew was really "focused," they would try to attack main home pages, instead of defacing the first unprotected bit of the network they happened to come across. Security experts should know better than to taunt people, said MonKeeBiz. "He's either trying to lure them in so he can snag them in the act, or he's got a major attitude problem." McNab was unavailable for comment. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Call Them Kiddies? Watch Out InfoSec News (Feb 17)